Operational Security Management

Anticipate cyber behaviours, both deliberately adversarial and unintentionally inept, that would undermine an organisation's viability

Critically evaluate the vulnerabilities of an organisation through active probing of its systems

Manage cyber resources to maintain an organisation's viability in the face of adversarial or unintentional threats

Why is this important?

At its core, operatoinal security management is concerned with systematically addressing threats, vulnerabilities and the negative consequences that occur should a threat exploit a vulnerability in any organisation's day-to-day cyber engagement. In that sense, it uses the vocabulary of risk management, but is particularly concerned with the home team engaging in concrete patterns (which may be deliberately randomised to hide the pattern) of activity that anticipate and foil an adversary's activity.

Content

This module draws together the content from earlier other modules and presents the various interacting topics in an operational context. The focus is on operational security management relating to the cyber domain: maximising the benefits that flow from cyber engagement, whilst minimising the harms, through deliberate, managed activity. Some of this activity is obvious and directly cyber related: crypto key management or firewall rule change-control for example. Some is less obvious and indirectly cyber related: HR protocols for joiners and leavers for example.

Module content will cover:

secure operations management and service delivery

cryptography

network security

system security

application security

physical security

vulnerability assessment

dependable/resilient/survivable systems

Delivery and assessment

8 half-day sessions will be regularly spaced across Year 3. Within each half day session, there will be a mix of lecture, tutorial and practical activity.